For all the criticism of Microsoft and its security flaws, the software giant has made an impressive turnaround. While Vista has been derided for a variety of reasons, most would agree that it’s much more secure than Windows XP. Recently, a hacker conference showed just how vulnerable systems running Mac OS X are, due to their slow rate of patches. The Mac machine was hijacked within 10 minutes, while the Linux and Windows boxes survived the day.

Now an even worse security flaw has been found in some of the basic code used by a wide variety of Linux security programs. The error originated back in May 2006 when workers on the open-source security project committed a grave and unrealized error.

Be careful. This whole article implies that the problem is more widespread than it really is.

Only distributions (like Ubuntu) that use the Debian repositories were affected. NONE of the commercial vendors and most of the other major distributions (RPM-based, source-based, etc.) are completely unaffected. This also only affects keys generated on Debian derivatives.

Further, Ubuntu is distributing with the updated OpenSSH packages a key blacklist and vulnerability assessment utility. Users who have bad keys are being notified at the time of update that their keys may be compromised.